Re: (ITS#5354) slapd repeatedly hangs and stops reponding

[Howard Chu <hyc@symas.com>]

Oren Laadan wrote:
> Howard Chu wrote:
> > You haven't provided any information to explain why you cannot structure
> > your additional entries as a distinct subtree. You're still just
> > handwaving when we ask for concrete examples of the entries involved.
>
> Clearly I'm new to LDAP. Please indicate what information is missing,
> I'll be happy to provide, even the local database (my .ldif file) and
> sample queries from the remote server. Just name it.
>
> Taking a step back: we have a departmental LDAP server for user auth,
> (posix) groups, autofs maps and so on. In my group, we add to the DB
> groups and autofs maps that do not exist on the remote server, so a
> user on our machines can belong to additional groups.
>
> I am not arguing that I cannot structure it differently. I simply do
> not know if I can structure it differently. Ideally I could add entries
> to the remote database, but that is impossible. The remote server
> gives DN dc=MAIN,dc=EXAMPLE,dc=COM, which is what I made the local
> server give (via the meta backend) and which is what the clients are
> using as their base DN.

Since it appears that you just need to make your data work with 
pam_ldap/nss_ldap I suggest you (1) keep your local data in a distinct subtree 
and (2) read the pam/nss_ldap documentation regarding the use of multiple 
service search descriptors. There's no reason to be using suffixmassage here.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/